
Warning: DoS Vulnerabilities In Cisco NX-OS Switches, Patch Immediately!

Advisory #2024-35
Affected software: 
Cisco Nexus 3000 Series Switches
Cisco Nexus 5500 Platform Switches
Cisco Nexus 5600 Platform Switches
Cisco Nexus 6000 Series Switches
Cisco Nexus 7000 Series Switches
Cisco Nexus 9000 Series Switches in standalone NX-OS mode
Denial of Service (DoS)

CVE-2024-20267: CVSS 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
CVE-2024-20321: CVSS 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)


CVE-2024-20267: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipv6-mpls-dos-R9ycXkwM

CVE-2024-20321: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ebgp-dos-L3QCwVJ


Cisco released two advisories for vulnerabilities affecting Cisco NX-OS. A malicious actor could use these vulnerabilities to perform a Denial-of-Service (DoS) attack. These vulnerabilities can lead to disruptions in your network and data center.


CVE-2024-20267 - MPLS Encapsulated IPv6 Denial of Service

An unauthenticated, remote attacker can cause the netstack process to restart while processing MPLS traffic. This causes the device to stop processing network traffic or to reload.

Cisco notes that “The IPv6 packet can be generated multiple hops away from the targeted device and then encapsulated within MPLS. The DoS condition may occur when the NX-OS device processes the packet.”

CVE-2024-20321 - Border Gateway Protocol Denial of Service

A vulnerability in the External Border Gateway Protocol (eBGP) component of NX-OS could allow an unauthenticated, remote attacker to execute a denial of service (DoS) attack on the device.

The vulnerability can be exploited by sending large amounts of network traffic with certain characteristics. Successful exploitation causes eBGP neighbor sessions to be dropped.

Recommended Actions


The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Install the latest software available on the Cisco Software Center: https://software.cisco.com/download/home


The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
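One way to monitor for the dropped neighbor sessions described under CVE-2024-20321 is to flag switches on which several BGP neighbors go down within a short window. This is an added example, not part of the original advisory or Cisco's guidance. The sample log lines are constructed, and the line layout, the function name `find_bgp_drop_bursts` and the 5-minute / 2-peer thresholds are assumptions to adapt to your own collectors.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed line shape: NX-OS style syslog carrying the BGP-5-ADJCHANGE mnemonic.
ADJ = re.compile(
    r"^(?P<ts>\d{4} \w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) %BGP-5-ADJCHANGE:\s+"
    r".*?neighbor (?P<peer>\S+) (?P<state>Up|Down)\b"
)

# Constructed sample input (documentation addresses, hypothetical hostnames).
SAMPLE = [
    "2024 Mar 04 09:15:02 nx-edge-1 %BGP-5-ADJCHANGE:  bgp-65010 [21853] (default) neighbor 192.0.2.1 Down - holdtimer expired error",
    "2024 Mar 04 09:15:40 nx-edge-1 %BGP-5-ADJCHANGE:  bgp-65010 [21853] (default) neighbor 198.51.100.7 Down - holdtimer expired error",
    "2024 Mar 04 09:16:05 nx-edge-1 %BGP-5-ADJCHANGE:  bgp-65010 [21853] (default) neighbor 203.0.113.9 Down - holdtimer expired error",
    "2024 Mar 04 11:02:10 nx-edge-2 %BGP-5-ADJCHANGE:  bgp-65020 [1902] (default) neighbor 192.0.2.33 Down - session cleared",
    "2024 Mar 04 11:02:55 nx-edge-2 %BGP-5-ADJCHANGE:  bgp-65020 [1902] (default) neighbor 192.0.2.33 Up",
]

def find_bgp_drop_bursts(lines, window=timedelta(minutes=5), min_peers=2):
    """Return [(host, burst_start, sorted_peers)] for every switch on which at
    least `min_peers` distinct neighbors went Down within `window`."""
    downs = defaultdict(list)  # host -> [(timestamp, peer)]
    for line in lines:
        m = ADJ.match(line)
        if m and m["state"] == "Down":
            ts = datetime.strptime(m["ts"], "%Y %b %d %H:%M:%S")
            downs[m["host"]].append((ts, m["peer"]))
    alerts = []
    for host, events in downs.items():
        events.sort()
        i = 0
        while i < len(events):
            start = events[i][0]
            j = i
            while j < len(events) and events[j][0] - start <= window:
                j += 1
            peers = sorted({peer for _, peer in events[i:j]})
            if len(peers) >= min_peers:
                alerts.append((host, start, peers))
                i = j  # report each burst once
            else:
                i += 1
    return alerts

if __name__ == "__main__":
    for host, start, peers in find_bgp_drop_bursts(SAMPLE):
        print(f"{host}: {len(peers)} BGP neighbors down from {start}: {peers}")
```

A single neighbor flap, as on the second sample switch, stays below the threshold and is not reported; the log lines alone do not distinguish eBGP from iBGP peers, so correlate alerts with your peering inventory.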

In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.